Re: [Shorewall-devel] Shorewall 4.4.13 Beta 5

Tue, 14 Sep 2010 14:25:54 -0700 

On 9/14/10 2:07 PM, Tom Eastep wrote:
> On 9/14/10 1:18 PM, Tom Eastep wrote:
>> On 9/14/10 1:07 PM, Mr Dash Four wrote:
>>>
>>>> 1)  The OPTIONS column in the blacklists file may now be a comma-
>>>>     separated list of 'to' and 'from'. Duplicates are ignored with a
>>>>     warning message.
>>>>   
>>> I am trying to use this (with ipsets and "from,to" specified in the 
>>> options column), but I don't think it works!
>>
>> It's broken in Beta 4.
> 
> And it appears that very simple cases are also broken in Beta 5 :-(
> 
> I'll take a look.

The attached patch seems to correct this for simple configs.

        patch /usr/share/shorewall/Shorewall/Rules < BLACKLIST.patch

Expect offset warnings.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Rules.pm 
b/Shorewall/Perl/Shorewall/Rules.pm
index 56790f1..1c4e18e 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2034,7 +2034,7 @@ sub generate_matrix() {
                            my $interfacematch = '';
                            my $use_output = 0;
 
-                           if ( @vservers || use_output_chain( $interface, 
$interfacechainref ) || ( ( $blacklist || @{$interfacechainref->{rules}} ) && ! 
$chain1ref ) ) {
+                           if ( @vservers || use_output_chain( $interface, 
$interfacechainref ) || $blacklist || ( @{$interfacechainref->{rules}} && ! 
$chain1ref ) ) {
                                $outputref = $interfacechainref;
                                add_jump $filter_table->{OUTPUT}, $outputref, 
0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++;
                                $use_output = 1;

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to